CVE-2025-6227

EUVD-2025-21876
Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.2 LOW
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
mattermostmattermost_server
9.11.0 ≤
𝑥
< 9.11.17
mattermostmattermost_server
10.5.0 ≤
𝑥
< 10.5.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://mattermost.com/security-updates